diff --git a/salt/common/tools/so-brologs b/salt/common/tools/so-brologs
new file mode 100644
index 000000000..1593ead81
--- /dev/null
+++ b/salt/common/tools/so-brologs
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+bro_logs_enabled() {
+
+  echo "brologs:" > /opt/so/saltstack/pillar/brologs.sls
+  echo "  enabled:" >> /opt/so/saltstack/pillar/brologs.sls
+  for BLOG in ${BLOGS[@]}; do
+    echo "    - $BLOG" | tr -d '"' >> /opt/so/saltstack/pillar/brologs.sls
+  done
+
+}
+
+whiptail_master_adv_service_brologs() {
+
+  BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \
+  "conn" "Connection Logging" ON \
+  "dce_rpc" "RPC Logs" ON \
+  "dhcp" "DHCP Logs" ON \
+  "dhcpv6" "DHCP IPv6 Logs" ON \
+  "dnp3" "DNP3 Logs" ON \
+  "dns" "DNS Logs" ON \
+  "dpd" "DPD Logs" ON \
+  "files" "Files Logs" ON \
+  "ftp" "FTP Logs" ON \
+  "http" "HTTP Logs" ON \
+  "intel" "Intel Hits Logs" ON \
+  "irc" "IRC Chat Logs" ON \
+  "kerberos" "Kerberos Logs" ON \
+  "modbus" "MODBUS Logs" ON \
+  "mqtt" "MQTT Logs" ON \
+  "notice" "Zeek Notice Logs" ON \
+  "ntlm" "NTLM Logs" ON \
+  "openvpn" "OPENVPN Logs" ON \
+  "pe" "PE Logs" ON \
+  "radius" "Radius Logs" ON \
+  "rfb" "RFB Logs" ON \
+  "rdp" "RDP Logs" ON \
+  "signatures" "Signatures Logs" ON \
+  "sip" "SIP Logs" ON \
+  "smb_files" "SMB Files Logs" ON \
+  "smb_mapping" "SMB Mapping Logs" ON \
+  "smtp" "SMTP Logs" ON \
+  "snmp" "SNMP Logs" ON \
+  "software" "Software Logs" ON \
+  "ssh" "SSH Logs" ON \
+  "ssl" "SSL Logs" ON \
+  "syslog" "Syslog Logs" ON \
+  "telnet" "Telnet Logs" ON \
+  "tunnel" "Tunnel Logs" ON \
+  "weird" "Zeek Weird Logs" ON \
+  "mysql" "MySQL Logs" ON \
+  "socks" "SOCKS Logs" ON \
+  "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 )
+}
+
+whiptail_master_adv_service_brologs
+bro_logs_enabled
diff --git a/files/utils/so-checkin b/salt/common/tools/so-checkin
similarity index 100%
rename from files/utils/so-checkin
rename to salt/common/tools/so-checkin
diff --git a/files/utils/so-getparsed b/salt/common/tools/so-getparsed
similarity index 100%
rename from files/utils/so-getparsed
rename to salt/common/tools/so-getparsed
diff --git a/files/utils/so-getunparsed b/salt/common/tools/so-getunparsed
similarity index 100%
rename from files/utils/so-getunparsed
rename to salt/common/tools/so-getunparsed
diff --git a/files/utils/so-listindex b/salt/common/tools/so-listindex
similarity index 100%
rename from files/utils/so-listindex
rename to salt/common/tools/so-listindex
diff --git a/files/utils/so-start b/salt/common/tools/so-start
similarity index 100%
rename from files/utils/so-start
rename to salt/common/tools/so-start